Abstract: Provided is authentication and authorization without the use of supplicants. Authentication and authorization includes generating a profile for a device based on at least one characteristic observed during a successful attempt by the device to access an 802.1X network infrastructure. Expected characteristics for a next attempt to access the infrastructure by the device are determined. A characteristic of the next access attempt is matched to the expected characteristic and access to the network is selectively controlled as a result of the matching. This is achieved without a supplicant being installed on the device.

Abstract: An optical security method for object authentication using photon-counting encryption implemented with phase encoded QR codes. By combining the full phase double-random-phase encryption with photon-counting imaging method and applying an iterative Huffman coding technique, encryption and compression of an image containing primary information about the object is achieved. This data can then be stored inside of an optically phase-encoded QR code for robust read out, decryption, and authentication. The optically encoded QR code is verified by examining the speckle signature of the optical masks using statistical analysis.

Abstract: According to at least one embodiment, a computer-implemented method for managing malware for a computing device is described. In one embodiment, an attempt by a process to modify at least one file on the computing device may be identified. The identified process may be analyzed to estimate an age value associated with the identified process. The estimated age value of the identified process may be compared to an age value associated with the at least one file. The attempt to modify the at least one file may be prevented based at least in part on the comparison.

Abstract: A proxy device intercepts requests from client devices to access message data through a message data device, such as accessing e-mail messages through a mail server implementing post office protocol (POP) or other messaging protocol. The proxy device determines to authenticate of a client device when, for example, the client device, is located within certain areas that differ from a geographic region associated with a message account holder. Authentication of the client device may include collecting additional information, such as a universal identifier that may be used by the client device to access various services. The proxy device may further forward a notification message to the client device indicating the access to the message data is pending until the client device is authenticated. If the client device is successfully authenticated, the proxy device forwards the request to the message data device to enable the client device to access the message data.

Abstract: A method and system for authenticating a credential via a one time password which includes receiving a user ID, a client ID, and the one time password from a client device, and then validating the one time password based on the user ID and the credential ID. Upon validating the one time password, a response is sent to the client device, and the response includes at least one of an authorization to access a private key stored on the client device or at least a portion of the private key.

Abstract: A cloud-based computer system changes the modern paradigm from being device-centric to being person-centric. The system makes all user data, software settings, device settings, and licensed content for a user available in the cloud. The system includes a conversion mechanism that can convert information intended for one device type to a different device type. Thus, a user changing smart phone platforms can convert their current smart phone settings to equivalent settings on the new phone platform, and their new phone can then be configured using the user's converted settings stored in the cloud. By storing all the user's relevant information in the cloud, this information may be accessed anywhere and may be used to configure a large number of different devices according to the user's settings.

Abstract: A method of providing access to secure features of a device includes detecting motion of a secured device during entry of first access credentials on the secured device, storing first motion data in association with the first access credentials, the first motion data indicating a pattern of the detected motion, and granting access to a secured feature of the secured device when a user enters user access credentials matching the first access credentials accompanied by detected motion that produces user motion data matching the first motion data to a degree within a defined valid data range of the first motion data.

Abstract: A user equipment (UE) may perform functions locally, such as on a trusted module that resides within the UE. For example, a UE may perform functions associated with a single sign-on protocol, such as OpenID Connect for example, via a local identity provider function. For example, a UE may generate identity tokens and access tokens that can be used by a service provider to retrieve user information, such as identity information and/or user attributes. User attributes may be retrieved via a user information endpoint that may reside locally on the UE or on a network entity. A service provider may grant a user access to a service based on the information that it retrieves using the tokens.

Abstract: A method, system, and apparatus are provided for controlling encrypted data stored on a remote device. In particular, a remote device includes a storage controller device that can receive a “secure hide” command from an administrator device via a cloud server. If the storage controller device determines the “secure hide” command is validly signed, then the storage controller device executes the secure command by erasing the end user's public decryption key from the storage controller device. At that point, end user access to the encrypted data on the remote device is highly improbable.

Abstract: Managing data security on a mobile device. Data associated with a mobile device is received; the data includes an identification (ID) of the mobile device and a location of the mobile device relative to one or more location sensor devices. A path is determined, relative to the one or more location sensor devices, through which the mobile device has travelled. An electronic security key is communicated to the mobile device based on determining that the path corresponds to a defined path associated with the mobile device.

Abstract: Aspects of the present invention are directed to a method and system for distributing information from an information distributor in a banking environment. The method may include composing an electronic notification instrument by providing a notification component and providing a payload component, the payload component including a selectable link. The method may additionally include pushing the electronic notification instrument to an information client and allowing a pull from the information distributor through the electronic notification instrument such that the payload component including the selectable link is activated by an authorized information recipient, the authorized information recipient determined by the information client. The method may additionally include determining through a tracer whether the electronic notification instrument has an acceptable disposition and rendering the electronic notification instrument inaccessible if the disposition is not acceptable.

Abstract: Systems, methods, and other embodiments associated with secure cloud based multi-tier provisioning are described. In one embodiment, a method includes storing, in server-side computer storage medium, an activation key for a networked device and a set of configuration parameter values associated with an application to be run by the networked device. The method includes managing access to the computer storage medium such that access to the activation key and the configuration parameter values by unauthorized entities is prevented. Upon receiving the activation key from an authorized installation entity, the method includes identifying a configuration for the networked device comprising the set of configuration parameter values. A network connection is made with the networked device and the configuration is transmitted to the networked device, such that the configuration is not provided to the authorized installation entity.

Abstract: Improved handling of battery recognition tasks in an electronic device such as a cell phone, smart phone, computer system, recording device or others is facilitated. Recognition of a battery so as to enable exchange of power between the device and the battery is determined by a match between one of a plurality of number strings stored in the device and the decrypted response to an encrypted challenge derived from the one of stored number string.

Abstract: A method, system and program product for preventing phishing attacks, wherein the method comprises: acquiring links in a Web page; classifying the acquired links according link types; and determining whether a phishing attack exists according to the classified links, wherein the links are classified into two types: internal links belonging to the same domain as the address of the Web page, and external links belonging to a different domain from the address of the Web page. By carrying out the method or system according to the above one or more embodiments of the present disclosure, since it is first detected whether a Web page is a fake website of a phishing attack before displaying the reproduced Web page to the user and the user is warned upon detecting a fake website, unnecessary losses due to phishing attacks can be prevented.

Abstract: Embodiments of the disclosure relate to controlling access to a mobile device with a paired device. Aspects include pairing the paired device with the mobile device and defining a security profile for the mobile device. Aspects also include receiving a user access request for a desired action via the mobile device and determining signal strength between the paired device and the mobile device. Aspects further include executing the desired action based on a determination that the signal strength is greater than a threshold in the security profile for the desired action.

Abstract: The disclosure is directed to a wearable device that is configured to secure itself based on signals received from a pulse sensor. According to one implementation, the pulse sensor includes a light source (e.g., a light-emitting diode) and a photo sensor. The light source, under the control of a processor, shines light having a particular wavelength (e.g., green or infrared). The photo sensor generates signals based on light that it senses. For example, when the light from the light source reflects off a person's skin, then the photo sensor will generate signals based on the reflected light that the photo sensor detects. In this manner, the wearable device can accurately determine whether it is being worn by a user (e.g., by taking a photoplethysmogram) and, when necessary, secure the wearable electronic device.

Abstract: In some embodiments, computer implemented methods, systems, and non-transitory computer readable media determine a first comparison value based on a first comparison between a first sensor signature associated with first set of sensor data of a first device in a first context and a second sensor signature associated with second set of sensor data of a second device. The first comparison is associated with a first authentication type. It is determined whether the first comparison value satisfies a first threshold. It is determined that a user should be authenticated on the second device based on satisfaction of the first threshold.

Abstract: A method begins by a first device generating a self-validating message by creating a master key, using the master key to create a message encryption key, encrypting a message using the message encryption key to produce an encrypted message, encrypting the master key using a public key of a second device to produce an encrypted master key, and including a message authentication code of the first device in the self-validating message. The method continues by the second device receiving and decoding the self-validating message by verifying the message authentication code of the first device, and when the message authentication code of the first device is verified, decrypting the encrypted master key using a private key of the second device to recover the master key, using the master key to create the message encryption key, and decrypting the encrypted message using the message encryption key to recover the message.

Abstract: A manifest transfer engine for a one-way file transfer system is disclosed. The manifest transfer engine comprises a send side, a receive side, and a one-way data link enforcing unidirectional data flow from the send side to the receive side. The send side receives and stores a file manifest table from an administrator server. The send side also receives a file from a user and compares it with the file manifest table. Transfer of the file to the receive side via the one-way data link is allowed only when there is a match between the file and the file manifest table. In an alternative embodiment, the receive side instead receives and stores the file manifest table from the administrator server and compares it with the file received from the send side via the one-way data link to determine whether to allow transfer of the file.

Abstract: An apparatus, method, and a computer program are provided to secure one or more sections of a document. For example, one or more sections of the document may be converted into secured content. The secured content may then be removed from the document, and replaced with replacement content in the document. This may prevent a viewer with no privileges from viewing secured content.